All Indigo data is stored electronically in an SQL Azure database in the Netherlands, hosted on the Microsoft Azure Platform, and is replicated to a secondary server in Ireland. Storage files such as attachments are kept on an Azure File Storage account in the Netherlands and geo-replicated to another server in Ireland.
Data access and backup
We use SQL Azure Database replication to keep your data safe in case of system failure. We also keep a point-in-time recovery backup for the last thirty-five days.
Data Collection & Transmission
- The application is hosted as a platform using Azure Application Services, and there is no remote desktop access to the machines
- All data sent to Indigo is encrypted in transit. Our API and application endpoints are TLS/SSL only and score an "A" rating on SSL Labs' tests
- All security headers are implemented to block any clickjacking and XSS attacks, with a rating of "A" on securityheaders.io
- Tinfoil Security for constant scanning for vulnerabilities [In Progress]
- Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.
- Database Firewall - Only the IPs of the App Server and Shireburn IP addresses are whitelisted (only authorised Shireburn personnel who require such access to perform their job efficiently are given access).
- We also use Transparent Data Encryption, which protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. This encryption is transparent to the application and uses hardware acceleration to improve performance.
Auditing & Threat Detection
- We use Auditing for SQL Database and SQL Server audit to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.
- We also use SQL Database Threat Detection to detect anomalous database activities indicating potential security threats to the database. Threat Detection uses an advanced set of algorithms to continuously learn and profile application behavior, and notifies us immediately upon detection of unusual or suspicious activity. Threat Detection can help you meet the data breach notification requirement of the GDPR.